DOCSLIB.ORG

Etsi Ts 119 312 V1.1.1 (2014-11)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Etsi Ts 119 312 V1.1.1 (2014-11) ETSI TS 119 312 V1.1.1 (2014-11) TECHNICAL SPECIFICATION Electronic Signatures and Infrastructures (ESI); Cryptographic Suites 2 ETSI TS 119 312 V1.1.1 (2014-11) Reference DTS/ESI-0019312 Keywords e-commerce, electronic signature, security, trust services ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice The present document can be downloaded from: http://www.etsi.org The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI. The content of the PDF version shall not be modified without the written authorization of ETSI. The copyright and the foregoing restriction extend to reproduction in all media. © European Telecommunications Standards Institute 2014. All rights reserved. DECTTM, PLUGTESTSTM, UMTSTM and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association. ETSI 3 ETSI TS 119 312 V1.1.1 (2014-11) Contents Intellectual Property Rights ................................................................................................................................ 5 Foreword ............................................................................................................................................................. 5 Modal verbs terminology .................................................................................................................................... 5 Introduction ........................................................................................................................................................ 5 1 Scope ........................................................................................................................................................ 6 2 References ................................................................................................................................................ 6 2.1 Normative references ......................................................................................................................................... 6 2.2 Informative references ........................................................................................................................................ 7 3 Definitions and abbreviations ................................................................................................................... 8 3.1 Definitions .......................................................................................................................................................... 8 3.2 Abbreviations ..................................................................................................................................................... 8 4 Maintenance of the document .................................................................................................................. 9 5 Hash functions ........................................................................................................................................ 10 5.1 General ............................................................................................................................................................. 10 5.2 Recommended hash functions .......................................................................................................................... 10 5.2.1 SHA-224 ..................................................................................................................................................... 10 5.2.2 SHA-256 ..................................................................................................................................................... 10 5.2.3 SHA-384 ..................................................................................................................................................... 11 5.2.4 SHA-512 ..................................................................................................................................................... 11 5.2.5 SHA-512/256 .............................................................................................................................................. 11 5.3 Other hash functions ......................................................................................................................................... 11 5.3.1 SHA-1 is no more recommended ................................................................................................................ 11 5.3.2 WHIRLPOOL is no more recommended .................................................................................................... 11 5.3.3 SHA-3 ......................................................................................................................................................... 12 6 Signature schemes .................................................................................................................................. 12 6.1 Signature algorithms......................................................................................................................................... 12 6.1.1 General ........................................................................................................................................................ 12 6.1.2 Recommended signature algorithms ........................................................................................................... 12 6.1.2.1 RSA ....................................................................................................................................................... 12 6.1.2.2 DSA....................................................................................................................................................... 13 6.1.2.3 Elliptic curve analogue of DSA based on a group E(Fp) ....................................................................... 13 m 6.1.2.4 Elliptic curve analogue of DSA based on a group E(F2 ) ..................................................................... 14 6.1.2.5 EC-GDSA based on a group E(Fp) ........................................................................................................ 14 m 6.1.2.6 EC-GDSA based on a group E(F2 ) ...................................................................................................... 14 6.1.2.7 Other EC-DSA variants for future applications .................................................................................... 15 6.2 Key generation algorithms ............................................................................................................................... 15 6.2.1 General ........................................................................................................................................................ 15 6.2.2 Recommended key generation algorithms .................................................................................................. 15 6.2.2.1 Key and parameter generation algorithm rsagen1 ................................................................................. 15 6.2.2.2 Key and parameter generation algorithm dsagen1 ................................................................................ 16 6.2.2.3 Key and parameter generation algorithm ecgen1 for ecdsa-Fp ............................................................. 16 6.2.2.4 Key and parameter generation algorithm ecgen2 for ecdsa-F2m .......................................................... 17 6.2.2.5 Key and parameter generation algorithm ecgen1 for ecgdsa-Fp ........................................................... 17 6.2.2.6 Key and parameter generation algorithm ecgen2 for ecgdsa-F2m ........................................................ 17 7 Signature suites ...................................................................................................................................... 17 7.1 General ............................................................................................................................................................. 17 7.2 Padding methods .............................................................................................................................................
Load more

Recommended publications
  • TS 102 176-1 V2.1.1 (2011-07) Technical Specification
    ETSI TS 102 176-1 V2.1.1 (2011-07) Technical Specification Electronic Signatures and Infrastructures (ESI); Algorithms and Parameters for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms 2 ETSI TS 102 176-1 V2.1.1 (2011-07) Reference RTS/ESI-000080-1 Keywords e-commerce, electronic signature, security ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice Individual copies of the present document can be downloaded from: http://www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at http://portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http://portal.etsi.org/chaircor/ETSI_support.asp Copyright Notification No part may be reproduced except as authorized by written permission.
    [Show full text]
  • The Hitchhiker's Guide to the SHA-3 Competition
    History First Second Third The Hitchhiker’s Guide to the SHA-3 Competition Orr Dunkelman Computer Science Department 20 June, 2012 Orr Dunkelman The Hitchhiker’s Guide to the SHA-3 Competition 1/ 33 History First Second Third Outline 1 History of Hash Functions A(n Extremely) Short History of Hash Functions The Sad News about the MD/SHA Family 2 The First Phase of the SHA-3 Competition Timeline The SHA-3 First Round Candidates 3 The Second Round The Second Round Candidates The Second Round Process 4 The Third Round The Finalists Current Performance Estimates The Outcome of SHA-3 Orr Dunkelman The Hitchhiker’s Guide to the SHA-3 Competition 2/ 33 History First Second Third History Sad Outline 1 History of Hash Functions A(n Extremely) Short History of Hash Functions The Sad News about the MD/SHA Family 2 The First Phase of the SHA-3 Competition Timeline The SHA-3 First Round Candidates 3 The Second Round The Second Round Candidates The Second Round Process 4 The Third Round The Finalists Current Performance Estimates The Outcome of SHA-3 Orr Dunkelman The Hitchhiker’s Guide to the SHA-3 Competition 3/ 33 History First Second Third History Sad A(n Extremely) Short History of Hash Functions 1976 Diffie and Hellman suggest to use hash functions to make digital signatures shorter. 1979 Salted passwords for UNIX (Morris and Thompson). 1983/4 Davies/Meyer introduce Davies-Meyer. 1986 Fiat and Shamir use random oracles. 1989 Merkle and Damg˚ard present the Merkle-Damg˚ard hash function.
    [Show full text]
  • Cryptography Knowledge Area (Draft for Comment)
    CRYPTOGRAPHY KNOWLEDGE AREA (DRAFT FOR COMMENT) AUTHOR: Nigel Smart – KU Leuven EDITOR: George Danezis – University College London REVIEWERS: Dan Bogdanov - Cybernetica Kenny Patterson – Royal Holloway, University of London Liqun Chen – University of Surrey Cryptography Nigel P. Smart April 2018 INTRODUCTION The purpose of this chapter is to explain the various aspects of cryptography which we feel should be known to an expert in cyber-security. The presentation is at a level needed for an instructor in a module in cryptography; so they can select the depth needed in each topic. Whilst not all experts in cyber-security need be aware of all the technical aspects mentioned below, we feel they should be aware of all the overall topics and have an intuitive grasp as to what they mean, and what services they can provide. Our focus is mainly on primitives, schemes and protocols which are widely used, or which are suitably well studied that they could be used (or are currently being used) in specific application domains. Cryptography by its very nature is one of the more mathematical aspects of cyber-security; thus this chapter contains a lot more mathematics than one has in some of the other chapters. The overall presentation assumes a basic knowledge of either first-year undergraduate mathematics, or that found in a discrete mathematics course of an undergraduate Computer Science degree. The chapter is structured as follows: After a quick recap on some basic mathematical notation (Sec- tion 1), we then give an introduction to how security is defined in modern cryptography. This section (Section 2) forms the basis of our discussions in the other sections.
    [Show full text]
  • NISTIR 7620 Status Report on the First Round of the SHA-3
    NISTIR 7620 Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition Andrew Regenscheid Ray Perlner Shu-jen Chang John Kelsey Mridul Nandi Souradyuti Paul NISTIR 7620 Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition Andrew Regenscheid Ray Perlner Shu-jen Chang John Kelsey Mridul Nandi Souradyuti Paul Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 September 2009 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Deputy Director NISTIR 7620: Status Report on the First Round of the SHA-3 Cryptographic Hash Algorithm Competition Abstract The National Institute of Standards and Technology is in the process of selecting a new cryptographic hash algorithm through a public competition. The new hash algorithm will be referred to as “SHA-3” and will complement the SHA-2 hash algorithms currently specified in FIPS 180-3, Secure Hash Standard. In October, 2008, 64 candidate algorithms were submitted to NIST for consideration. Among these, 51 met the minimum acceptance criteria and were accepted as First-Round Candidates on Dec. 10, 2008, marking the beginning of the First Round of the SHA-3 cryptographic hash algorithm competition. This report describes the evaluation criteria and selection process, based on public feedback and internal review of the first-round candidates, and summarizes the 14 candidate algorithms announced on July 24, 2009 for moving forward to the second round of the competition. The 14 Second-Round Candidates are BLAKE, BLUE MIDNIGHT WISH, CubeHash, ECHO, Fugue, Grøstl, Hamsi, JH, Keccak, Luffa, Shabal, SHAvite-3, SIMD, and Skein.
    [Show full text]
  • Year 2010 Issues on Cryptographic Algorithms
    Year 2010 Issues on Cryptographic Algorithms Masashi Une and Masayuki Kanda In the financial sector, cryptographic algorithms are used as fundamental techniques for assuring confidentiality and integrity of data used in financial transactions and for authenticating entities involved in the transactions. Currently, the most widely used algorithms appear to be two-key triple DES and RC4 for symmetric ciphers, RSA with a 1024-bit key for an asymmetric cipher and a digital signature, and SHA-1 for a hash function according to international standards and guidelines related to the financial transactions. However, according to academic papers and reports regarding the security evaluation for such algorithms, it is difficult to ensure enough security by using the algorithms for a long time period, such as 10 or 15 years, due to advances in cryptanalysis techniques, improvement of computing power, and so on. To enhance the transition to more secure ones, National Institute of Standards and Technology (NIST) of the United States describes in various guidelines that NIST will no longer approve two-key triple DES, RSA with a 1024-bit key, and SHA-1 as the algorithms suitable for IT systems of the U.S. Federal Government after 2010. It is an important issue how to advance the transition of the algorithms in the financial sector. This paper refers to issues regarding the transition as Year 2010 issues in cryptographic algorithms. To successfully complete the transition by 2010, the deadline set by NIST, it is necessary for financial institutions to begin discussing the issues at the earliest possible date. This paper summarizes security evaluation results of the current algorithms, and describes Year 2010 issues, their impact on the financial industry, and the transition plan announced by NIST.
    [Show full text]
  • Electronic Signature Algorithms Standard
    Electronic Signature Algorithms Standard Version: 1.0 Author: Qatar Public Key Infrastructure Section Document Classification: PUBLIC Published Date: June 2018 Electronic Signature Algorithms Standard Version: 1.0 Page 1 of 13 Classification: Public Document Information Date Version Reviewed By 04/06/2018 1.0 Qatar National PKI Team Electronic Signature Algorithms Standard Version: 1.0 Page 2 of 13 Classification: Public Content 1. Overview ......................................................................................................................................... 4 2. Introduction .................................................................................................................................... 4 1. Objective of the document ......................................................................................................... 4 2. Audience ..................................................................................................................................... 4 3. Security properties of electronic signature .................................................................................... 4 4. Hash algorithms .............................................................................................................................. 4 1. Hash functions ............................................................................................................................ 4 2. Hash function properties ...........................................................................................................
    [Show full text]
  • A Hybrid Proof-Of-Work, Proof-Of-Stake Crypto-Currency
    Memcoin2 0.05 Conceptual White Paper MEMCOIN2: A HYBRID PROOF-OF-WORK, PROOF-OF-STAKE CRYPTO-CURRENCY Adam Mackenzie1 Abstract Crypto-currencies are gaining traction as monetary instruments. A novel crypto-currency with a hybrid proof-of-work and proof- of-stake system is proposed that aords eventual democratic control of the monetary supply to the userbase through participatory voting. Among the features included to achieve this control are a novel a ‘polymorphic’ hash tree and extensive use of sequential ‘memory-hard’ secure hash algorithms. Keywords proof-of-work — proof-of-stake — crypto-currency 1Please note that this white paper is a work-in-progress. Contents 1. The use of a proof-of-work (PoW) algorithm for which an FPGA and ASIC implementation may not be easily Executive Summary 1 created (Section i). The MC2 Contribution.........................1 The btcd Platform............................1 2. A proof-of-stake (PoS) system that works alongside the PoW system to further secure the blockchain (Section Introduction 2 ii). i. Secure Hash Trees for PoW...................2 ii. A Novel PoS System.......................2 3. An internal participatory voting system for major con- iii. Miner Reward Algorithms....................3 troversies that may arise about the future of the blockchain, iv. Block Header and Transaction Data..............4 including interest rates (Section ii). v. Colored Coins...........................5 4. A new distribution scheme and diculty retargeting vi. Lightweight Clients........................5 algorithm that should aord stability to the cryptocur- References 6 rency’s equivalent at value (Section iii). Appendix A: PoW Hashing Function 7 5. A colored coin system to allow users of the blockchain Appendix B: PoS Voting for PoW Blocks 9 to create and maintain their own derivatives within Appendix C: PoW and PoS Hybrid Design 11 the blockchain itself (Section v).
    [Show full text]
  • Automated Techniques for Hash Function and Block Cipher Cryptanalysis
    Arenberg Doctoral School of Science, Engineering & Technology Faculty of Engineering Department of Electrical Engineering (ESAT) Automated Techniques for Hash Function and Block Cipher Cryptanalysis Nicky MOUHA Dissertation presented in partial fulfillment of the requirements for the degree of Doctor of Engineering June 2012 Automated Techniques for Hash Function and Block Cipher Cryptanalysis Nicky MOUHA Jury: Dissertation presented in partial Prof. em. dr. ir. Yves D. Willems, chair fulfillment of the requirements for Prof. dr. ir. Bart Preneel, supervisor the degree of Doctor of Engineering Prof. dr. ir. Vincent Rijmen, secretary Prof. dr. ir. Frank Piessens Dr. Svetla Petkova-Nikova Dr. Matt Robshaw (Applied Cryptography Group, Orange Labs, France) June 2012 Our greatest glory is not in never falling, but in rising every time we fall. Confucius c 2012 Nicky Mouha � D/2012/7515/71 ISBN 978-94-6018-535-9 If I have seen further it is only by standing on the shoulders of giants. Isaac Newton Acknowledgments Every research paper is a puzzle piece, linking other pieces together to reveal a bigger picture. As such, research can’t be done in isolation. In the past few years, I’ve been extremely fortunate to meet the world’s best and brightest in thefield of symmetric-key cryptography. Many times, I’ve found myself to be the stupidest and most ignorant person in the room. To me, such experiences have been exciting and humbling, but most of all a great opportunity to learn. Therefore, I would like to personally thank everyone who contributed in one way or another to this thesis.
    [Show full text]
  • Fundamental Data Structures Contents
    Fundamental Data Structures Contents 1 Introduction 1 1.1 Abstract data type ........................................... 1 1.1.1 Examples ........................................... 1 1.1.2 Introduction .......................................... 2 1.1.3 Defining an abstract data type ................................. 2 1.1.4 Advantages of abstract data typing .............................. 4 1.1.5 Typical operations ...................................... 4 1.1.6 Examples ........................................... 5 1.1.7 Implementation ........................................ 5 1.1.8 See also ............................................ 6 1.1.9 Notes ............................................. 6 1.1.10 References .......................................... 6 1.1.11 Further ............................................ 7 1.1.12 External links ......................................... 7 1.2 Data structure ............................................. 7 1.2.1 Overview ........................................... 7 1.2.2 Examples ........................................... 7 1.2.3 Language support ....................................... 8 1.2.4 See also ............................................ 8 1.2.5 References .......................................... 8 1.2.6 Further reading ........................................ 8 1.2.7 External links ......................................... 9 1.3 Analysis of algorithms ......................................... 9 1.3.1 Cost models ......................................... 9 1.3.2 Run-time analysis
    [Show full text]
  • Hash Function Design Overview of the Basic Components in SHA-3 Competition
    Hash Function Design Overview of the basic components in SHA-3 competition Daniel Joščák [email protected] S.ICZ a.s. Hvězdova 1689/2a, 140 00 Prague 4; Faculty of Mathematics and Physics, Charles University, Prague Abstract In this article we bring an overview of basic building blocks used in the design of new hash functions submitted to the SHA-3 competition. We briefly present the current widely used hash functions MD5, SHA-1, SHA-2 and RIPEMD-160. At the end we consider several properties of the candidates and give an example of candidates that are in SHA-3 competition. Keywords: SHA-3 competition, hash functions. 1 Introduction In 2004 a group of researchers led by Xiaoyun Wang (Shandong University, China) presented real collisions in MD5 and other hash functions at the rump session of Crypto conference and they explained the method in [10]. In 2006 the same group presented a collision attack on SHA–1 in [8] and since then a lot of progress in collision finding algorithms has been made. Although there is no specific reason to believe that a practical attack on any of the SHA–2 family of hash functions is imminent, a successful collision attack on an algorithm in the SHA–2 family could have catastrophic effects for digital signatures. In reaction to this situation the National Institute of Standards and Technology (NIST) created a public competition for a new hash algorithm standard SHA–3 [1]. Except for the obvious requirements of the hash function (i.e. collision resistance, first and second preimage resistance, …) NIST expects SHA–3 to have a security strength that is at least as good as the hash algorithms in the SHA–2 family, and that this security strength will be achieved with significantly improved efficiency.
    [Show full text]
  • Cryptography in Context
    Cryptography in Context Cryptography in Context Gerard Tel iv Contents Contents v Preface ix 1 On the Secure Hash Algorithm family (Wouter Penard and Tim van Werkhoven) 1 1.1 Introduction . 1 1.2 Description of the SHA Algorithms . 4 1.3 Generic Attacks . 8 1.4 Specialized Attacks . 13 1.5 Implications of Attacks . 17 1.6 Conclusion . 17 2 Security and privacy of RFID tags (Jeroen van Wolffelaar) 19 2.1 RFID tags . 19 2.2 Case: Baja Beach Club . 20 2.3 Case: Biometric passports . 22 2.4 Case: OV-chipkaart . 24 2.5 Conclusions . 27 3 Xbox Securtity (Miloslav Valco) 29 3.1 Microsoft's Financial Gambles . 29 3.2 Andrew "bunnie" Huang . 31 3.3 RC4 . 33 3.4 Tiny Encryption Algorithm . 35 3.5 The Visor Hack . 36 3.6 Xbox Linux Project . 36 3.7 Discussion and conclusion . 37 4 Multiple Encryption (Ronald Chu & Mark Jeronimus) 39 4.1 Introduction . 39 4.2 definitions . 40 4.3 Known attacks . 40 4.4 Applications . 45 4.5 Summary and conclusions . 47 v vi Contents 5 Phishing (Marnix Kammer and Barbara Pieters) 49 5.1 Phishing and cryptography . 49 5.2 Forms of phishing . 50 5.3 Changes in human-computer interaction to prevent phishing . 53 5.4 Technical solutions to prevent phishing . 56 5.5 Summary and conclusions . 64 6 Electronic Voting 2.0 (Jeiel Schalkwijk) 67 6.1 The current state of voting machines . 67 6.2 Cryptographic systems . 70 6.3 ThreeBallot . 71 6.4 Moran and Naor's protocol . 72 6.5 Conclusion .
    [Show full text]
  • Use Style: Paper Title
    Secure Autoconfiguration and Public-key Distribution for Mobile Ad-hoc Networks Hongbo Zhou Matt W. Mutak Lionel M. Ni Dept. of Computer Science Dept. of Computer Science & Dept. of Computer Science Slippery Rock University Engineering Hong Kong University of Slippery Rock, PA, USA Michigan State University Science & Technology [email protected] East Lansing, MI, USA Hong Kong SAR, China [email protected] [email protected] Abstract—Security is extremely important for the deployment of (3) The assumption underlying the MANET is that all the a Mobile Ad-hoc Networks (MANET) due to its openness to nodes (or most nodes) cooperate to function properly. A attackers, the absence of an infrastructure, and the lack of malicious node can undermine routing fabrics and other centralized administration. Most research efforts have been services passively (by dropping the packets that need to be focused on secure routing protocols, the distributed certificate forwarded) or actively (by injecting false information into the authority, and key distribution, while a few projects have focused on secure autoconfiguration. However, the importance of network or altering the packets in transit); integration of a secure autoconfiguration and public-key (4) It is more difficult to identify the source of a message distribution has been neglected. This paper presents a secure in the MANET than in the hardwired network because of the autoconfiguration and public-key distribution algorithm to absence of an infrastructure and the lack of centralized achieve uniqueness of address allocation and secure public-key distribution when a new node joins a MANET, which provides administration. the bootstrapping for building a distributed certificate authority Thus, a seemingly easy task may become difficult when (DCA) in the network where a trust relationship is absent.
    [Show full text]